All the latest UK technology news, reviews and analysis


Microsoft to patch Internet Explorer ActiveX Control zero-day vulnerability

12 Nov 2013
Microsoft Internet Explorer

Microsoft has released a fix for an ActiveX Control critical vulnerability in its Internet Explorer (IE) browser that was being targeted by an advanced watering hole attack.

Microsoft Trustworthy Computing (TwC) group manager of response communications Dustin Childs confirmed the fix in a post on the company's Security Response Center blog.

"The security update will be distributed to customers tomorrow [Tuesday 12 November] via Windows Update at approximately 10am PDT [6pm GMT]. Customers who have Automatic Updates enabled will not need to take any action to receive the update," read the post.

The IE vulnerability was discovered by security firm FireEye earlier in November. The vulnerability is known to have been targeted with an advanced watering hole attack. Watering hole attacks are scams that see hackers turn websites commonly visited by their intended victim into malware-distribution tools.

The attack is significant as it was able to put malware directly onto a computer's memory without first writing it to the hard disk. The execution made it more difficult for companies to check whether their systems had been compromised by the malware using traditional techniques.

Childs called for businesses to take temporary protective measures while they wait for the full fix. These include setting the company's internet and local intranet security settings to high, configuring IE to send a prompt before running Active Scripting or disabling Active Scripting completely and deploying Microsoft's Enhanced Mitigation Experience Toolkit (EMET).

The IE vulnerability discovery comes during a reported boom in cyber attacks. Microsoft released a workaround fix for vulnerabilities in Microsoft's Lync, Office and Windows Server earlier in November, and it is now building a full patch.

The severity of the threat posed by hackers has led many companies to call for increased collaboration between security vendors. Symantec pledged to create a centralised information-sharing big data hub to help customers spot targeted attacks in October.

  • Comment  
  • Tweet  
  • Google plus  
  • Facebook  
  • LinkedIn  
  • Stumble Upon  
Alastair Stevenson
About

Alastair has worked as a reporter covering security and mobile issues at V3 since March 2012. Before entering the field of journalism Alastair had worked in numerous industries as both a freelance copy writer and artist.

View Alastair's Google+ profile

More on Security
What do you think?
blog comments powered by Disqus
Poll

Windows 7 end of mainstream support

What are your plans for when Microsoft ends mainstream support for Windows 7 in January 2015?
10%
10%
3%
63%
14%

Popular Threads

Powered by Disqus
LG G3 in gold black and white

LG G3 vs Galaxy S5 video

We pit the two Korean firms' flagship smartphones against each other

Updating your subscription status Loading
Newsletters

Get the latest news (daily or weekly) direct to your inbox with V3 newsletters.

newsletter sign-up button
hpv3may

Getting started with virtualisation

Virtualisation can help you reduce costs, improve application availability, and simplify IT
management. However, getting started can be challenging

ibmv3may

Converting big data and analytics insights into results

Successful leaders are infusing analytics throughout their organisations to drive smarter decisions, enable faster actions and optimise outcomes

EMEA Presales Solutions Consultant (Business Analysis)

EMEA Presales Solutions Consultant (Business Analysis...

App Developer (Objective C / XCode) - Northampton

App Developer (Objective C / XCode) Skills...

Digital Project Managment (Development)

Digital Project Manager (Development) Skills...

Snr PHP / Zend Developer - (Leading Digital Agency) - Northampton

PHP / Zend - Web Developer (Superb digital Agency...
To send to more than one email address, simply separate each address with a comma.